Hopefully somebody can help me out. For specific monitoring purposes I'm trying to achieve the following:
We are currently running ELK v 7.13.2 in our environment. We have a specific application server on which we want to monitor every morning whether a connection to a DB has been established. When the connection has been established, a log entry will be registered around 5:30 AM.
The server is configured to send out logs to Logstash using Filebeat.
In Elastic/Kibana I have configured the following rule:
Ideally I would like to set a fixed time to check if a specific log string has been registered around that given time (5:30), but that does not seem possible. We would like to be informed immediately after 5:30 AM if the log string ("Succesfull Connected...") does not occur.
Before I spend too much time on this, I would like to know if this is possible at all. Thank you very much for your input.